The Code Analysis Tool (CAT.NET) v1 CTP came out last December and I have been meaning to try it out. There is a 32-bit Visual Studio plug-in version available, although there appears to be some issues with it at this point in time. If you are running a 64-bit machine then you can grab a 64-bit command line version - this version does not suffer from the same limitations as the 32-bit version.

CAT.NET is a static, as opposed to runtime tool. It looks at the assemblies in your project and traces the information flow from start to finish. You then get a report of what it finds in XML and HTML format. I ran it on an application I developed and located two potential XSS vulnerabilities in a library I obtained from another vendor.

This is an incredibly simple tool to use and I cannot think of any excuse not to take a few moments to run it on an application prior to going live. Think of it as one extra layer of safety.